Hello,I am currently attending an accredited University en-route to bachelors degree in CISSM I'm not completely sure thats where I want to end up but I am definitely interested in the field as a whole. This is a 2nd career for me as I've been In the automotive industry for 25yrs. My question is this; Is it beneficial for me to get the degree, or are ecourses with certs just as useful. I've been in management for the past 15 years and was going to try and link both skill sets.Thanks for your consideration

If you had written CISM (mostly managers have this certification) or for that sake perhaps CISSP (mostly security consultants but also some managers have this), it would benefit great to your fundamental knowledge about information security.

Neither one is going to teach you how to become a hacker right away, it's something that takes dedication and time which may be hard to find, but it's far from impossible for anyone, at any point in their life as long as they're willing to learn.

I don't know how much you learn at CISSM, but I presume it's at least equivalent to CISSP when it's a bachelor degree.

I can't say whether it's benefical for you to get this degree or not as I don't know CISSM (others might), but if you go for CISM or CISSP (certifications) you have a good starting point.

When you want to get more technical, try eCPPT, OSCP, or the Hacking Dojo depending on what your skill level is and what your preferred method of studying is. SANS courses are generally easy to understand but it's not always you learn the high tech stuff, even though courses like GSEC may give you a good foundation as well. Keep in mind SANS is a lot more expensive than most other information security training providers.

A degree can be important in many situations. I know people who have been denied offers outright solely because they did not have a degree, despite being completely qualified otherwise.

eCourses and certs may be sufficient for some employees, but you shouldn't view them as a substitute for a degree.

Ideally, you will have a degree, certs, and experience. I would also recommend that you do some (professional) networking, as I've personally had better luck finding positions through people I know as opposed to job postings, recruiters, etc. Attend local OWASP, ISSA, ISACA, etc. meetings if any are available in your area.

That's not to say you need a degree. I know many people who are successful without one, and I've obtained several professional/managerial positions without having completed mine (though finishing it is a priority of mine, and I think demonstrating that it's in-progress helps to some extent).